On Mon, 19 Jun 2006 08:59:45 -0400, Joe Maimon <[EMAIL PROTECTED]> wrote:
> Steven M. Bellovin wrote:
>
> > I just submitted an I-D on TCP-MD5 key change. Until it shows up in the
> > official repository, see
> > http://www.cs.columbia.edu/~smb/papers/draft-bellovin-keyroll2385-00.txt
> > Here's the abstract:
> >
> >     The TCP-MD5 option is most commonly used to secure
> >     BGP sessions between routers. However, changing
> >     the long-term key is difficult, since the change
> >     needs to be synchronized between different
> >     organizations.
> >     We describe single-ended strategies that will permit
> >     (mostly) unsynchronized key changes.
> >
> > Comments welcome.
> >
> >     --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
>
> This I-D says BGP implementations should be able to be configured with
> multiple keys for peers and should do the Intelligent Thing with them.
>
> Makes sense to me.
>
> Did I read it right?

Yes.

    --Steven M. Bellovin, http://www.cs.columbia.edu/~smb